Re: [mod-security-users] mod_security enhancement idea
From: joe b. <joe...@ya...> - 2006-04-12 03:44:28
Wow that is great. I now have the tools to code rules for about 80% of my web application.
My member signup script and the member update script both have the same 20 POST_PAYLOAD fields. Can I do something like this?
SecFilterSelective REQUEST_URI "^(/mls_fsbo_logon.php$|/mls_fsbo_logon.php$)" chain
SecFilterSelective POST_PAYLOAD "^id=[0-9a-z]{15,}&pw=[0-9a-z]{15,}&userdigit=[0-9a-z]{5,}&submit=Submit$" allow
Is the above coding correct?
In the debug log I see this
fsbo_logon.php] Raw cookie header "PHPSESSID=4ecd90be905c5918652d743539e1051e"
_fsbo_logon.php] Adding cookie "PHPSESSID"="4ecd90be905c5918652d743539e1051e"
In the PHP logon script I do start PHP session control, but I do not write a cookie, so I am surprised to see mod_security logging these messages. Do you have any idea what this means?
I have been using the apache httpd-access.log to see the raw request data.
Is there some other method you would recommend?
Is there some place I can find the mapping of words like REQUEST_URI to their location in the httpd_access.log logged records?
I am interested in using SecChrootDir /chroot/apache
But the manual is not clear on setting it up. My web application lives here /usr/local/www/data and that is what is in httpd.conf
I am running apache13.
Is this how I should code the rule?
SecChrootDir /usr/local/www/data
And change the path of httpd-error.log & httpd-access.log from /var/log to /usr/local/www/data/ in the httpd.conf?
Since the logs will be in the jail, how do I access the logs from outside the jail without turning off mod_security?
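An added example, not part of the original post: a small Python harness that runs the two patterns quoted in the message against constructed requests and reports which link of the chain each one stops at. It assumes plain regex matching on the strings as given (Python's `re`, not mod_security's own engine); `explain`, `run_samples` and all sample values are hypothetical.

```python
import re

# Patterns copied verbatim from the two chained SecFilterSelective lines.
URI_PATTERN = r"^(/mls_fsbo_logon.php$|/mls_fsbo_logon.php$)"
BODY_PATTERN = (r"^id=[0-9a-z]{15,}&pw=[0-9a-z]{15,}"
                r"&userdigit=[0-9a-z]{5,}&submit=Submit$")

def explain(request_uri, post_payload):
    """Say which link of the chain a request stops at.

    Assumption: each pattern is searched against the string exactly as
    given here, with no URL decoding or other normalisation applied.
    """
    if not re.search(URI_PATTERN, request_uri):
        return "uri-mismatch"
    if not re.search(BODY_PATTERN, post_payload):
        return "payload-mismatch"
    return "chain-matched"

# Constructed sample requests (not taken from any real log).
URI = "/mls_fsbo_logon.php"
GOOD = "id=abcdefghij12345&pw=0123456789abcde&userdigit=12345&submit=Submit"
SAMPLES = {
    "expected form": (URI, GOOD),
    "upper-case id": (URI, GOOD.replace("abcdefghij", "ABCDEFGHIJ")),
    "id one char short": (URI, GOOD.replace("id=a", "id=")),
    "fields reordered": (URI, "pw=0123456789abcde&id=abcdefghij12345"
                              "&userdigit=12345&submit=Submit"),
    "extra trailing field": (URI, GOOD + "&extra=1"),
    "query string on URI": (URI + "?a=1", GOOD),
    # The '.' before "php" is unescaped, so it matches any character.
    "dot replaced in URI": ("/mls_fsbo_logonXphp", GOOD),
}

def run_samples():
    """Return {label: verdict} for every constructed sample."""
    return {label: explain(uri, body) for label, (uri, body) in SAMPLES.items()}

if __name__ == "__main__":
    for label, verdict in run_samples().items():
        print(f"{label:22} {verdict}")
```

Both alternatives inside the URI pattern are the same string, so the harness only ever exercises one script name.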